Step 3. Register or Select Microsoft Entra Application

At this step of the wizard, you can create a new application in Microsoft Entra ID (formerly Azure Active Directory) or select an existing one.

• Registering a new application

Use this method if you have selected the Register a new Azure AD application automatically option at the previous step of the wizard.

• Using an existing application

Use this method if you have selected the Use an existing Azure AD application option at the previous step of the wizard.

Registering New Microsoft Entra Application

You can register a new Microsoft Entra application in Microsoft Entra ID (formerly Azure Active Directory). Veeam Backup for Microsoft 365 will use this application for data exchange when transferring backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive during backup copy jobs.

When registering a new Microsoft Entra application, Veeam Backup for Microsoft 365 automatically grants the required permissions to this application.

To register a new Microsoft Entra application, do the following:

1. In the Name field, enter a name that you want to use to register a new Microsoft Entra application in your Microsoft Entra ID (formerly Azure Active Directory).
2. Click Install to specify an SSL certificate that you want to use for data exchange between Veeam Backup for Microsoft 365 and a Microsoft Entra application.
3. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Microsoft Entra ID (formerly Azure Active Directory). For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

4. In the Specify Azure service account description field, enter optional description.

Using Existing Microsoft Entra Application

You can specify an existing Microsoft Entra application in your Microsoft Entra ID (formerly Azure Active Directory). Veeam Backup for Microsoft 365 will use this application for data exchange when transferring backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive during backup copy jobs.

To use an existing application, do the following:

1. In the Tenant ID field, specify Microsoft Entra ID (formerly Azure Active Directory) tenant ID.
2. In the Application ID field, specify an identification number of your Microsoft Entra application.

You can find this number in an application settings in your Microsoft Entra ID (formerly Azure Active Directory). For more information, see this Microsoft article.

3. Select an authentication type. You can select either Application secret or Application certificate:

1. To use a certificate, select the Application certificate option and click Install. For more information, see Installing SSL Certificates.

Keep in mind that you must upload a certificate file to Microsoft Identity platform beforehand. For more information, see this Microsoft article.

2. To use a secret key, select the Application secret option and enter a secret key in the field nearby to access your custom application.

To obtain a secret key, you will need to generate it first. For more information on how to generate a secret key, see this Microsoft article.

Keep in mind that a key will become hidden once you leave or refresh the page in Microsoft Identity platform. Consider saving the key to a secure location.

4. Select the Grant this application required permissions and register its certificate in Azure AD check box to automatically grant the required permissions to Microsoft Entra application.

Veeam Backup for Microsoft 365 will also register the specified certificate in your Microsoft Entra ID (formerly Azure Active Directory).

Keep in mind that you do not need to select this check box if you have granted the required permissions to the specified Microsoft Entra application beforehand and already registered its certificate in Microsoft Entra ID (formerly Azure Active Directory). If the Grant this application required permissions and register its certificate in Azure AD check box is not selected, Veeam Backup for Microsoft 365 skips the Log in to Microsoft 365 and Select Microsoft Azure Subscription steps and finishes the wizard.

5. In the Specify Azure service account description field, enter optional description.